Fix possible memory leak on error

The two places that call `ossl_ssl_init()` assume that no additional memory has been allocated when this fails; they subsequently free the QUIC_CONNECTION/SSL_CONNECTION via OPENSSL_free() without freeing any other resources. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20316)
2025-01-18 13:44:20 +08:00 · 2023-02-16 10:56:29 -05:00 · 2023-02-16 10:56:29 -05:00 · c10ded8c2c
commit c10ded8c2c
parent c400a1fe47
1 changed files with 6 additions and 3 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -712,14 +712,17 @@ int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type)
    if (ssl->lock == NULL)
        return 0;

+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
+        CRYPTO_THREAD_lock_free(ssl->lock);
+        ssl->lock = NULL;
+        return 0;
+    }
+
    SSL_CTX_up_ref(ctx);
    ssl->ctx = ctx;

    ssl->defltmeth = ssl->method = method;

-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
-        return 0;
-
    return 1;
 }